
WebAPI Security Discussion: Sensor API

by Lucas Adamski-2

Please reply-to dev-webapps@...

Name of API: Sensor API
Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=697361
http://dvcs.w3.org/hg/dap/raw-file/tip/sensor-api/

Brief purpose of API: Let apps access environmental sensor data gathered by devices.
General Use Cases: None

Inherent threats: Privacy

Threat severity: Moderate

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Monitor environmental sensor data like temperature, barometer, magnetic field,
Authorization model for normal content: Explicit
Authorization model for installed content: Implicit
Potential mitigations: Only available to top-level content while focused

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same
Use cases for trusted code: Implicit
Potential mitigations:

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:
Backlight Dimming based on ambient light
Screen-off based on proximity
Authorization model: Implicit
Potential mitigations:

Note: Many device sensor and motion use cases already covered by DeviceOrientation / DeviceMotion API (http://dev.w3.org/geo/api/spec-source-orientation.html)
_______________________________________________
dev-security mailing list
dev-security@...
https://lists.mozilla.org/listinfo/dev-security
